u/EW_IO

MDE is causing headaches for our C++ devs

Trying to unblock one of our C++ devs. They are on VS 2022 building a native project, and Defender (MsMpEng) was sitting at ~70% CPU during links.

What we've done so far:

Ran MDAV Performance Analyzer, confirmed link.exe scanning .lib files in Windows Kits\10\Lib was the hot path.

Added Intune AV exclusions for link.exe (wildcarded across VS year/edition/MSVC version) plus the Windows Kits Lib/Include folders and the MSVC toolset's own lib folder.

Enabled Dev Drive on L:, they moved the work there, Defender now async-scans it.

But they complained again. We ran Performance Analyzer again and the new top offender is the VS Installer package cache (C:\ProgramData\Microsoft\VisualStudio\Packages), eating ~900s of scan time on .vsix payloads whenever VS updates.

What do you think the right approach is here? Should we keep chasing whatever clogs resources in MDE and add it to the exclusions?

I am trying to keep exclusions as minimal as possible.

Is my exclusions approach correct? Or will it come back to bite me in the future?

Current exclusions:

Excluded Paths

- C:\Program Files (x86)\Windows Kits\10\Lib
- C:\Program Files (x86)\Windows Kits\10\Include
- C:\Program Files\Microsoft Visual Studio\*\*\VC\Tools\MSVC\*\lib
- C\ProgramData\Microsoft\VisualStudio\Packages

Excluded Processes

- C:\Program Files\Microsoft Visual Studio\*\*\VC\Tools\MSVC\*\bin\Hostx64\x64\link.exe
- C:\Program Files\Microsoft Visual Studio\*\*\VC\Tools\MSVC\*\bin\Hostx64\arm64\link.exe

u/EW_IO — 1 day ago
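One way to sanity-check an exclusion set like the one in this post, as an added example that is not part of the original post and not Microsoft's tooling: a PowerShell audit that takes the intended Intune list, checks each entry for shape problems (a path that is not rooted with a drive letter and colon, a wildcard at the drive root, a process exclusion that does not name an .exe, a directory exclusion under a location standard users can write to), then reads what actually landed on the endpoint with the built-in `Get-MpPreference` cmdlet and reports entries that did not apply and entries present on the device that are not in the policy (drift). The intended lists are copied verbatim from the post, including the `C\ProgramData` entry; the "user-writable" rule is a heuristic of this example, not a Defender rule.

```powershell
# Added example: audit Defender AV exclusions against the intended Intune policy.
# Intended lists are quoted from the post; Get-MpPreference / fsutil are built-in.
# Note: on recent builds with tamper protection, exclusions can be hidden from
# non-admin sessions, so run this elevated or the device-side lists may be empty.

$intendedPaths = @(
    'C:\Program Files (x86)\Windows Kits\10\Lib',
    'C:\Program Files (x86)\Windows Kits\10\Include',
    'C:\Program Files\Microsoft Visual Studio\*\*\VC\Tools\MSVC\*\lib',
    'C\ProgramData\Microsoft\VisualStudio\Packages'   # copied verbatim from the post
)
$intendedProcesses = @(
    'C:\Program Files\Microsoft Visual Studio\*\*\VC\Tools\MSVC\*\bin\Hostx64\x64\link.exe',
    'C:\Program Files\Microsoft Visual Studio\*\*\VC\Tools\MSVC\*\bin\Hostx64\arm64\link.exe'
)

function Test-ExclusionEntry {
    # Returns a list of human-readable issues for one exclusion string (empty = looks fine).
    param([string]$Entry, [switch]$IsProcess)
    $issues = @()

    # Must be rooted: 'C\ProgramData\...' (no colon) is never matched and silently does nothing.
    if ($Entry -notmatch '^[A-Za-z]:\\') { $issues += 'not a rooted drive path (missing colon?)' }

    # A wildcard as the first segment after the drive widens the exclusion to most of the disk.
    if ($Entry -match '^[A-Za-z]:\\\*') { $issues += 'wildcard immediately under drive root' }

    # Process exclusions exempt everything that process touches; they should name an executable.
    if ($IsProcess -and $Entry -notmatch '\.exe$') { $issues += 'process exclusion does not end in .exe' }

    # Heuristic of this example: directory exclusions under user-writable roots deserve an ACL review,
    # because anything a standard user can drop there is no longer scanned on access.
    if (-not $IsProcess -and $Entry -match '^[A-Za-z]:\\(Users|ProgramData|Temp)\\') {
        $issues += 'directory under a commonly user-writable root; verify folder ACLs'
    }
    return $issues
}

function Get-ExclusionAudit {
    # Compares intended vs. applied exclusions and returns one row per entry.
    $pref = Get-MpPreference
    $appliedPaths = @($pref.ExclusionPath)    | Where-Object { $_ }
    $appliedProcs = @($pref.ExclusionProcess) | Where-Object { $_ }

    $rows = foreach ($p in $intendedPaths) {
        [pscustomobject]@{
            Kind    = 'Path'
            Entry   = $p
            Applied = ($appliedPaths -contains $p)
            Issues  = ((Test-ExclusionEntry -Entry $p) -join '; ')
        }
    }
    $rows += foreach ($p in $intendedProcesses) {
        [pscustomobject]@{
            Kind    = 'Process'
            Entry   = $p
            Applied = ($appliedProcs -contains $p)
            Issues  = ((Test-ExclusionEntry -Entry $p -IsProcess) -join '; ')
        }
    }
    # Drift: anything on the device that the policy does not account for (local adds, other profiles).
    foreach ($extra in $appliedPaths | Where-Object { $intendedPaths -notcontains $_ }) {
        $rows += [pscustomobject]@{ Kind = 'Path'; Entry = $extra; Applied = $true; Issues = 'NOT IN POLICY (drift)' }
    }
    foreach ($extra in $appliedProcs | Where-Object { $intendedProcesses -notcontains $_ }) {
        $rows += [pscustomobject]@{ Kind = 'Process'; Entry = $extra; Applied = $true; Issues = 'NOT IN POLICY (drift)' }
    }
    return $rows
}

# Dev Drive status for the volume mentioned in the post (L:); fsutil devdrv is built into Windows 11.
function Get-DevDriveStatus {
    param([string]$Volume = 'L:')
    try { return (& fsutil devdrv query $Volume 2>&1) } catch { return "fsutil devdrv query failed: $_" }
}

Get-ExclusionAudit | Sort-Object Kind, Entry | Format-Table -AutoSize -Wrap
Get-DevDriveStatus
```

Running this on an affected dev box makes two things visible that the Intune portal does not: whether each policy entry actually reached the endpoint as written (the unrooted `C\ProgramData` entry is flagged before anyone wonders why the Packages folder is still being scanned), and whether the device carries exclusions nobody intended. The wildcard process exclusions for link.exe pass the shape checks; the audit just records them so the full set is reviewed as a unit each time a new "top offender" is considered for the list.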

There is a new feature in Defender - settings - Security for AI

We have enabled it as our users started using Copilot Studio agents, but some actions or prompts are getting blocked. "securityWebhookBlocked,... blocked by threat detection tools..."

I cannot find where I should whitelist some actions, or even see the logs of the block. There is no table in Advanced Hunting with this data, and it seems there is a new table AIAgentInfo but it is not found in our env; it needs different licensing apparently.

...

Excuse my spelling.

u/EW_IO — 16 days ago